JP2000066587A - Data processing device, communication system, and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make is possible to enhance the transmission efficiency while preventing the degradation in safety occurring in the shortage of a block length even when the block length of block ciphers is short and to provide the Feistel type ciphers. SOLUTION: This data processor devides a plaintext or ciphertext into >=2 small blocks 22, 26, executes data processing in these small block units to form the fresh small blocks and executes an excryption processing or decryption processing by these small blocks. In such a case, the processor has a conversion means F which converts the small blocks by keys, interaction means 55, 56 which subjects the small block converted by the conversion means to the interaction with another small block and a chain means 54 which chains the small block to another small block.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data processing device, a communication system, and a recording medium, and more particularly to a data processing device, a communication system, and a recording medium suitable for use in encrypting and decrypting data.

[0002]

2. Description of the Related Art In recent years, encryption of data using a computer has been widely performed. Cryptographic algorithms for this purpose are broadly classified into block ciphers in which data is encrypted for each block as blocks of a fixed length and stream ciphers in which input data is encrypted one character at a time. Block ciphers are converted to the same output if they have the same input, but stream ciphers are converted to different outputs even if the input is the same.

[0003] As a conventional block cipher, only an encryption method with a fixed input / output length is known, and an encryption with a variable input / output length has not yet been realized. In the traditional way,
The only way to encrypt a variable-length input is to encrypt each block or chain the blocks.

An operation mode is famous as a method for encrypting such a variable-length input. This method divides the input into multiple blocks of a given block length by padding the input that is not always a multiple of the block length with padding of an appropriate size for blocks that are short of the block length. It is. However, this method has a problem that the transmission efficiency is reduced because the encryption must be performed after adjusting the block length.

On the other hand, the block cipher has a drawback that the block length cannot be reduced due to the property of the block cipher that the same input and the same output are obtained. This is because it is possible to create a table of inputs corresponding to outputs when the block length is short. Once such a table is created, even if the key is not known, it is possible to decrypt only the ciphertext into the original plaintext and extract the information.

On the other hand, a stream cipher can be regarded as a random number generator, and a random number sequence output by an initial value (key) is different, so that it is difficult to obtain an initial value from the random number sequence. Although this point is the basis of the security of the stream cipher, if the same key is used for a long time, the random number sequence itself becomes clear, and there is a risk that the cipher can be decrypted without knowing the key. It can be considered that the block cipher avoids such a problem of the stream cipher by increasing the block length.

[0007]

Here, consider a case where an attempt is made to encrypt a relatively short electronic message. Deterioration of transmission efficiency due to padding of the block cipher is not a problem for long messages, but may be a serious problem for relatively short messages.

[0008] For example, in a system for charging a program such as a satellite broadcast, the charge is realized by individual information which is transmitted by encrypting a key obtained by encrypting the program itself only to a contracted user with the user's key. Since the individual information has a relatively short block length and a large number of cases, deterioration of transmission efficiency due to padding is a serious problem. In order to increase the transmission efficiency, it is necessary to shorten the block length in order to reduce the padding, and there is a problem that the security is reduced.

[0009] Of the above problems, the problem of transmission efficiency can be solved by using a stream cipher. However, in order to enhance security, it is necessary to frequently change the key, and the cost is enormous.

On the other hand, Nyberg et al. Describe a secure DES type cryptosystem, namely Feiste, in block ciphers.
It shows a method of constructing a secure permutation table necessary for designing a 1 (Faitel) type cipher. That is, APN
(Almost Perfect Non-linea
It has been shown that if a permutation table is created so as to have a property called r), a cipher having provable security can be constructed for typical cryptographic attack methods such as differential cryptanalysis and linear cryptanalysis.

Therefore, even when a large number of relatively short telegrams are encrypted, a stream cipher is used instead of a stream cipher.
There is a need for a means capable of encrypting with high efficiency by a block cipher which is a Feistel encryption to which the design guideline proposed by Nyberg et al. Can be applied.

The present invention has been made in view of such circumstances, and a first object of the present invention is to provide a cipher for a block cipher which has a small block length even if the block length is short. It is an object of the present invention to provide a data processing device, a communication system, and a recording medium that can increase transmission efficiency while preventing a decrease in performance and that can be a Feistel encryption. A second object is to provide a data processing device, a communication system, and a recording medium that can make the block length itself variable.

[0013]

According to an aspect of the present invention, a plaintext or ciphertext is divided into two or more small blocks, and data processing is performed on a small block basis. A data processing device for performing an encryption process or a decryption process by using a new small block as a new small block, wherein the conversion unit converts the small block with a key, and the small block converted by the conversion unit interacts with another small block. This is a data processing device provided with an interaction means for causing the small block to chain with another small block.

According to the present invention, since such means are provided, interaction in units of small blocks is enabled, and chaining is appropriately performed between small blocks, so that encryption strength can be increased.

[0015] Further, since the same effect as substantially increasing the length of a small block can be obtained by the chain, it is possible to prevent a decrease in encryption strength even if the length of the small block is shortened. .

Next, a second aspect of the present invention is the invention according to the first aspect, wherein the division of the plaintext or ciphertext into two or more small blocks is performed by sequentially dividing the plaintext or ciphertext from the beginning. At the same time, the odd-numbered small blocks from the beginning and the succeeding small blocks that have undergone data processing are designated as odd-numbered row small blocks, and the even-numbered small blocks from the beginning and subsequent succeeding small blocks that have undergone data processing. The block is an even-numbered small block, the interaction means is an odd-numbered small block and an even-numbered small block, and the chaining means is a data processing device for chaining odd-numbered rows or even-numbered rows. .

Since the present invention is provided with such means, it is possible to provide a cipher in which blocks interact between odd-numbered columns and even-numbered columns. Therefore, for example, it is also possible to realize Feistel encryption between odd sequences. Further, since the small blocks are chained between the odd columns and the even columns, the above-mentioned interaction is substantially the interaction between the entire odd column and the entire even column.

Further, even if the length of the small block is shortened, the encryption strength can be maintained by the chain action. Therefore, even if the plaintext before the small block division is short, efficient encryption using short small blocks can be realized.

As described above, even if the block length of the block cipher is short, the transmission efficiency can be increased while preventing a decrease in security caused by the short block length, and the Feistel cipher can be used. Can be made possible.

Further, by changing the number of chained small blocks, the length itself of a block composed of a plurality of small blocks (divided block in the embodiment) can be made variable.

Next, a third aspect of the present invention is the invention according to the second aspect, wherein the direction of the chain is the sequential direction of the columns, and the conversion means includes one stage corresponding to each of the odd-numbered columns. This is the data processing device provided above.

Therefore, the encryption strength and the processing time can be adjusted by adjusting the number of stages. Next, an invention corresponding to claim 4 is the data processing apparatus according to claim 3, wherein the number of stages of the conversion means is reduced in a column portion where the number of columns of the odd columns and the even columns is large.

Chaining of small blocks is performed sequentially from the head of encryption / decryption. For example, the result of a certain conversion means is input to the next column after one, and exclusive OR is performed with a small block in that column. This process is sequentially performed for every other column.

When such a sequential chaining process is performed,
The processing results of each column are sequentially output. Therefore, in a portion where the number of columns is large, the overall processing speed can be increased by reducing the number of processing stages by the conversion means. Since the effect of data agitation by chaining and the like is higher as the number of columns is larger, even if the number of stages is reduced, there is little adverse effect on the encryption strength in this part.

Next, the invention corresponding to claim 5 is the invention according to claim 3 or 4, wherein when the number of stages becomes a predetermined condition, the data for switching the direction of the chain from the sequential direction of the column to the reverse direction is used. Processing device.

When such a chain is realized, the effect of data agitation and the like can be enhanced not only in a portion having a large number of columns but also in a portion having a small number of columns, and the encryption strength can be further increased. it can.

Next, the invention according to claim 6 is the invention according to claims 3 to 5, wherein the processing of the conversion means other than the conversion means which generates a dependency due to the processing of the interaction means or the chain means is not described. , A data processing device that performs parallel processing.

According to the present invention, by providing such means, efficient processing can be realized. Next, a seventh aspect of the present invention is a data processing device according to the second to sixth aspects, wherein the length of the small blocks and / or the number of small blocks to be chained can be changed.

According to the present invention, by providing such means, it is possible to freely change the length itself of a block composed of a plurality of small blocks while maintaining the encryption strength. Next, the invention corresponding to claim 8 relates to claims 2 to 6
A communication system for performing cryptographic communication between communication devices using any of the data processing devices described above, wherein a block length determined by the length of the small blocks and the number of chains of the small blocks is set as a shared secret on the transmission and reception sides. It is a communication system.

Since the present invention is provided with such means, not only the effect of the data processing device according to any one of claims 2 to 6 but also the deciphering becomes more difficult by keeping the block length secret. Can be.

Next, the invention corresponding to claim 9 is the communication system according to claim 8, wherein the block length is variable for each block. Next, a tenth aspect of the present invention is the communication system according to the ninth aspect, further comprising a random number generator that determines a variable block length based on a seed shared by the transmitting and receiving sides.

Since the present invention is provided with such means, it becomes more difficult for a third party to detect the block length, and the encryption strength can be further increased. Next, the invention corresponding to claim 11 is the invention according to claims 8 to 10,
This is a communication system in which the timing at which the direction of the chain is switched is set as a secret shared by the transmitting and receiving sides.

Since the present invention is provided with such means, the chaining method can be kept secret, and the encryption strength can be further increased. Next, an invention corresponding to claim 12 is a recording medium on which a program for causing a computer to realize the invention corresponding to claim 1 is recorded.

A computer controlled by the program read from the recording medium functions as the data processing device of the first aspect. Next, a thirteenth aspect of the present invention is a recording medium storing a program for causing a computer to implement the second aspect of the present invention.

The computer controlled by the program read from the recording medium functions as a data processing device according to the present invention. Next, an invention corresponding to claim 14 is a recording medium on which a program for causing a computer to realize the invention corresponding to claim 7 is recorded. The computer controlled by the program read from the recording medium functions as the data processing device according to claim 7.

[0036]

Embodiments of the present invention will be described below. (First Embodiment of the Invention) FIG. 1 is a block diagram showing a configuration example of a data processing device according to a first embodiment of the present invention.

This data processing device is configured as an encryption / decryption device 1 including a computer such as a personal computer or a workstation. This encryption / decryption device includes an encryption / decryption processing unit 2 for executing encryption and decryption processing, and storage means (not shown) for storing the plaintext file 3, the ciphertext file 4, and the key file 5.

Here, the plaintext file 3 stores data to be encrypted which is not blocked. The key file 5 stores a secret key used in the encryption / decryption processing unit 2.

The encryption / decryption processing unit 2 includes a data agitation unit 11 for executing m-stage encryption and decryption processes, and m
Expanded keys K1, K2,. . A key conversion unit 12 that generates Km (hereinafter, also simply referred to as a key) and provides it to a data stirring unit 11
And an initial value generation unit 13 for generating an initial value corresponding to each stage
And small block cutout editing units 14 and 15 and a block length designation unit 16.

The block length designating section 16 has a block length (for example, 1 byte) of a small block for encryption or decryption and a chain number to be described later, based on a predetermined set value or an externally input block length designation. Is determined, and the block length is given to the small block cutout editing units 14 and 15, the data agitation unit 11, and the initial value generation unit 13. Also, the block length of the small block is fixed, and only the number of chains is calculated from the substantial length of the encryption target (the divided block length described later) which is the product of the block length and the number of chains.
It may be input to each part.

The small block extracting and editing unit 14 divides the plaintext from the plaintext file 3 into small blocks from the beginning with the designated block length, and divides the odd-numbered small blocks into the stirring unit 1.
One odd-numbered block processing unit 17 and even-numbered small blocks are input to an even-numbered block processing unit 18. Also, the stirring unit 1
The decrypted data output from 1 in small block units is edited and output to the plaintext file 3 as plaintext.

The small block extracting and editing unit 15 performs the same processing as the small block extracting and editing unit 14 on the last stage (m stage) of the stirring unit 11. That is, the ciphertext from the ciphertext file 4 is divided into small blocks from the beginning with a designated block length and input to the agitating unit 11, and the encrypted data output from the agitating unit 11 is edited as ciphertext. Output to ciphertext file 3.

The data agitating unit 11 includes an odd block processing unit 17 and an even block processing unit 18. The small block having the block length designated by the block length designation unit 16 is used as an initial value and an expanded key from the key conversion unit 12. K performs encryption and decryption.

The odd-numbered block processing section 17 receives the odd-numbered small blocks, and performs the first, third, and third stages in the encryption / decryption processing.
5 steps,. . . , M−1 stages, while the even-number block processing unit 18 receives an even-numbered small block at first, and performs the second, fourth, and sixth stages of the encryption / decryption process.
Dan,. . . , M stages of processing. In the case of encryption, the processing is sequentially performed from the first stage, and the data after completion of the m-th stage is output as encrypted data. Conversely, in the case of decoding, processing is performed in reverse order from the m-th stage,
The data for which the processing of the first stage has been completed is output as decoded data.

The odd block processing section 17 and the even block processing section 18 are schematically shown in FIG. 1, but are actually constituted by a large number of processes for chaining input small blocks. You. As will be described in detail later, Feistel type processing is realized between odd block processing and even block processing, and processing between small blocks in each odd block processing and even block processing is linked. It is configured as follows.

The processing configuration in the data agitating section 11 will be specifically described with reference to FIGS. Note that what is simply referred to as a key in the figure may be an expanded key generated from a single key as described above.

FIG. 2 is a diagram showing a specific configuration example of the data agitating section in the present embodiment. As shown in the figure, a plaintext 21 as an input is divided into small blocks 22 and input. The small blocks 22 are sequentially input from the head into an odd block 23 and an even block 24, and are subjected to odd block processing or even block processing, respectively. The processing sequence corresponding to each small block 22 of the plaintext 21 is sequentially described as a first column, a second column,. . . Then, the processing of the odd columns corresponds to the odd block processing, and the processing of the even columns corresponds to the even block processing.

The ciphertext 25 is also composed of small blocks 26. At the time of decryption, the odd block 27 and the even block 2
8 is input separately. FIG. 3 is a diagram in which one adjacent row of odd-numbered rows and even-numbered rows is extracted from the configuration of FIG.

In the processing of the extracted set of odd-numbered columns, the i-th block 23 in the i-th column (i is an odd number) is converted by the function F31 of the first stage using the expanded key K1. One is input to the (i + 1) th column and the (i + 1) th block 2
The exclusive-OR of the result with X.4 is taken and input to the function F32 of the second stage. In the function F32 of the second stage, the input is converted by the expanded key K2, one of the conversion results is returned to the i-th column, and the other output from the function F31 of the first stage is exclusive-ORed with the other output. And input to the third-stage function F33.

Hereinafter, while repeating such an interaction between the i-th column and the (i + 1) -th column, the processing proceeds to the final stage, and encrypted small blocks 27 and 28 are output, respectively.

Thus, by making the odd-numbered processing results interact with the even-numbered processing results, a more difficult-to-decrypt and secure cipher is constructed. Here, the processing between the i-th column and the (i + 1) -th column is Feistel-type encryption processing.

FIG. 4 is a diagram schematically showing an example of the form in the Feistel block cipher. FIG.
(B) and (c) are configuration examples of the data agitation process that becomes a Feistel block cipher. In the case of the present embodiment, this corresponds to FIG. FIG. 4B shows a so-called DES system. In this embodiment, FIG.
However, the present invention may take any of the forms shown in FIGS. 4A, 4B and 4C.

By the way, the interaction between the odd columns in FIG. 3 is obtained by extracting only the processing that two adjacent columns exert on each other, and the processing performed by the entire data agitating section 11 shown in FIG. It is not a simple combination of those shown in FIG. This time, only the processing of the specific j-th stage is extracted, and how the chain along the direction of the stages, that is, the plaintext 21 and the ciphertext 25 along the traveling direction is described with reference to FIG.

FIG. 5 shows the j-th stage (j
(The odd numbers are extracted.) As shown in the figure, the processing of odd columns (odd block processing) is configured to be chained. The same applies to the processing of the even-numbered columns.

First, the input 41 in the first column has an initial value of 4
After exclusive-ORing with 2, the result is converted by the function F43 using the expanded key Kj. The conversion result is input to the next stage 44.
And the input 45 to the transformation of the third column (the next odd block).

The input 46 of the third column is XORed with the output 45 of the first column, and then the function F4 is calculated using the expanded key Kj.
7 is converted. The result of the conversion is output to an input 48 to the next stage and an input 49 to the conversion of the fifth column (the next odd block).

In the same manner, the chain in which the processing result of the previous odd block is input to the conversion of the next odd block continues. As described above, only the odd-numbered column processing (odd-block processing) and the even-numbered column processing (even-numbered block processing) are performed, respectively.

By the input of the initial value 42, the processing of each of the odd-numbered columns can be made exactly the same circuit. Therefore, since the same circuit can be reused, the number of circuits for the odd-number block processing and the even-number block processing to be prepared in the data agitation unit 11 is small. Therefore, the initial value may be a dummy, for example.

Now, the data agitating section 11 shown in FIG.
FIG. 5 shows a processing circuit comprising the interaction of the odd columns shown in FIG.
This is a combination of a chain processing circuit in each of the odd-numbered column and the even-numbered column indicated by.

Accordingly, the processing of the circuit shown in FIG. 2 will be described as follows. First, the odd-numbered small blocks 23 in the first column are calculated with the initial value 51 in the first row, and then converted by the function F52 by the expanded key K1 in the first row. Conversion result 5
3 is used in an operation 54 with the odd-numbered small blocks 23 in the third column, an operation 55 with the even-numbered small blocks 24 in the second column, and a third-stage operation 56.

Here, the operations 55 and 56 constitute an interaction means for the first column and the second column to interact with each other, and the operation 54 is a chain means for the first column and the third column to be chained. You can see that

As described above, the output result of the conversion of the i-th column and the j-th stage is calculated as an input to the i-th column and the j-th stage in order to link to the (i + 2) -th column. In addition, the output result is such that the i + 1-th column and the (j + 1) -th column are used when the i-th column interacts with the (i + 1) -th column when i is an odd number (the i-th column when i is an even number).
The operation is performed on the input to the first stage, and the operation is performed on the output of the (i + 1) th column and the (j + 1) th stage and the input side of the (i) th column and the (j + 2) th stage. Thus, the above-mentioned interaction and chain are secured.

As can be seen from FIG. 1, this encryption process can be processed sequentially with respect to the input, and the resulting encrypted text can be sequentially output as soon as the process is completed. There is a feature that it is not necessary to perform all processing after storing.

The decryption processing is performed in the reverse order of the encryption processing. That is, in FIG. 1, processing is performed from bottom to top. Next, the operation of the chain processing will be described.

In the present embodiment, the block length and the number of chains of the small block 22 can be freely set, and secure encryption can be performed even for the small block 22 having a short block length of, for example, about 1 byte. This is because the chaining action of the small blocks 22 has the same result as performing the encryption processing on a substantially large block (also referred to as a divided block). Although the interaction between adjacent small blocks has been described above with reference to FIG. 3, in the processing of FIG. 2, the whole of odd-numbered small blocks and the whole of even-numbered small blocks are also of the facial type. The interaction that becomes. This will be described later.

The number of chains can be freely set by the block length specifying section 16 in FIG. 1. Depending on how many times the chains are made, input of variable lengths having different lengths of the input block (plaintext 21) can be performed. It becomes possible to encrypt.

For example, first, the block length designation unit 16 reads the number of bytes of each plaintext having a different length, which are successively input to the encryption / decryption processing unit 2 from the plaintext file 3. Next, the block length is set to, for example, 1 byte, and the number of bytes of each plaintext is set as the number of chains, and is input from the block length specifying unit 16 to each of the units 11, 13, 14, 15.

Next, a description will be given of the interaction between the whole of the odd-numbered small blocks and the whole of the even-numbered small blocks. FIG. 6 is a diagram showing an example of a circuit equivalent to the encryption circuit of FIG.

In this circuit, first, the plaintext 21 input by the conversion P61 is rearranged into an odd part 62 in which only the odd-numbered small blocks 22 are collected and an even-numbered part 63 in which only the even-numbered small blocks 23 are collected.

After the odd part 62 is converted by the function G64, the conversion result 65 is an input 66 to the next-stage conversion,
It is transmitted to the input 67 of the processing of the even part 63. Hereinafter, the conversion proceeds while alternately interacting the conversion results, and the conversion P
The ciphertext 26 is obtained by performing the inverse transformation P- ¹ 68 of 61.

As shown in the partial enlarged view of FIG. 6, the function G is obtained by decomposing the input 69 into small blocks 70 and then performing the same transformation (including the function F) as in FIG. 71 is output.

As described above, it can be seen that the processing in FIG. 6 is the same as the processing in FIG. 2 although the appearance is different. The configuration shown in FIG. 6 is formally equivalent to a cipher belonging to the form of the Feistel block cipher (FIG. 4A).
Therefore, the security discussion applicable to the Feistel encryption can be applied as it is.

Therefore, it is possible to adopt a configuration of a secure replacement table for the Feistel type encryption shown by Nyberg et al., That is, an encryption configuration using an APN replacement table. In the decryption processing unit 2 of the present embodiment, the AP
An encryption configuration based on N substitution tables is used.

Next, the operation of the data processing device according to the present embodiment configured as described above will be described. In the present apparatus, first, a plaintext (divided block) having an unspecified length is extracted from the plaintext file 3. The block length and the number of chains are determined by the block length specifying unit 16 corresponding to the plaintext length, and the plaintext is input to the small block cutout editing unit 14.

In the small block extracting and editing unit 14, the plain text is sequentially extracted into small blocks 22, and is input to the data agitation unit 11 for each odd and even small block. Data stirring unit 11
Are processed sequentially from the first small block 22 to the last small block 22, and are subjected to chaining and interaction. The encryption process at this time is a sequential process in which the first column in FIG. 2 is directed to the last column and from the first stage to the m-th stage.
Output in 6 units.

Each small block 26 thus encrypted
Is edited by the small block cutout editing unit 15 and stored in the ciphertext file 4 as ciphertext. In the case of decryption, the reverse process is performed.

As described above, in the data processing device according to the embodiment of the present invention, in the encryption algorithm, the object to be encrypted is divided into small blocks, and each small block is linked between odd columns and even columns. Thus, even if the size of the small block is small, secure encryption can be realized.

Further, by adjusting the length and the number of chains of the small blocks, it is possible to process variable-length blocks, and to perform secure and efficient encryption even for plaintexts having different lengths and relatively short lengths. Can be.

Further, since the data agitation unit 11 can perform sequential processing, there is no need to store intermediate processing results in a buffer, and the data can be sequentially output as soon as the processing is completed.

Further, since the sequential processing is performed, the overall processing efficiency does not decrease even if the block length input to the encryption processing unit 2 is increased. Therefore, even if a short key is used, security against a brute force attack can be increased by, for example, increasing the number of chains and increasing the length of the interacting real block.

In the present embodiment, the key conversion unit 12 generates the expanded key K by the secret key method and supplies the key to each stage of the data agitation unit 11. It is not limited to the method. For example, the key conversion unit 11
May be given the same key, or all processing stages may be given keys of different origins other than the expanded key. Further, a different key may be provided not only for each row but also for each column.

Further, in the data agitating section 11 of the present embodiment, for example, when the number of columns becomes large, the number of stages in which the processing of the function F as the conversion means is performed may be reduced. By doing so, the encryption result of the last column by the sequential processing can be output quickly, and the efficiency of encryption / decryption processing can be increased. Further, since chaining is sufficiently performed in a portion having a large number of columns, it is considered that sufficient encryption strength can be obtained even if the number of stages is reduced.

As a method of changing the number of stages, a method of reducing the number of stages when the number of columns exceeds a certain number or a method of sequentially reducing the number of stages corresponding to the number of columns can be considered. (Second Embodiment of the Invention) In the present embodiment, the direction of a chain is switched depending on the number of stages in the data processing apparatus of the first embodiment.

The data processing apparatus of the present embodiment is similar to the first embodiment except that the chain direction of the data agitating section corresponding to FIG. 2 is switched from the designated number of stages to the reverse chain. It is configured.

FIG. 7 is a block diagram showing an example of a partial configuration of a data agitating section in a data processing device according to the second embodiment of the present invention. FIG.
Only the processing configuration related to the chain in the stage, j + 2 stage, l stage, and l + 1 stage is extracted.

From the first stage including the j-th stage and j + 2 stage to the l-th stage
The chaining in the second stage is the same as in the first embodiment, in which odd-numbered small blocks are chained in the forward direction from the first column to the (n-1) th column. In the present embodiment, the last column is the n-th column, and therefore, the number of chains is n / 2.

On the other hand, from the 1st stage to the final stage, the chaining is performed in the reverse direction from the (n-1) th column to the first column. Note that the even-numbered column has the same configuration as the odd-numbered column, and the chain direction switches from the (l + 1) th stage.

The number of switching stages in the chain direction can be specified from the block length specifying section independently and freely in each of the odd and even columns. In the encryption in the normal state, as in the case described above, it is specified that the odd-numbered columns and the even-numbered columns are switched in the chain direction at substantially the same timing.

As described above, the data processing apparatus according to the embodiment of the present invention has the same configuration as that of the first embodiment, and also switches the chain direction from a predetermined number of stages. In addition to the same effects as those of the embodiment, all inputs will affect the encryption result,
It is possible to compose a highly secure encryption that is more difficult to decipher.

Further, it is possible to perform communication with higher security by setting which stage is chained in which direction in secret of the cryptographic user. (Third Embodiment of the Invention) In this embodiment, in the first or second embodiment, a plurality of conversion means having no dependency on the input are processed in parallel.

The data processing apparatus of this embodiment has the same configuration as that of the first or second embodiment except that such parallel processing is performed. FIG. 8 is a block diagram showing a parallel processing part in the data processing device according to the third embodiment of the present invention.

In the figure, the two functions F82 and F83 included in the portion surrounded by the dashed circle 81 do not have any input / output dependency, so that they can be processed in parallel, and are not particularly shown. Parallel processing is performed by means.

Further, among the two circles 81, since there is no input / output dependency between the processes in the circles which are the positional relationship between the circles 81a and 81b, parallel processing is possible. Between them, parallel processing is performed in the same manner as described above.

As described above, the data processing apparatus according to the embodiment of the present invention has a configuration similar to that of the first or second embodiment, and performs parallel processing of input / output independent processing. As a result, the same effects as those of the first or second embodiment can be obtained, the overall processing speed can be improved, and the processing efficiency can be improved. (Fourth Embodiment of the Invention) The present embodiment relates to first to third embodiments.
A description will be given of a communication system in which the data processing device as the encryption / decryption processing device according to the embodiment is one communicator and the encryption / decryption processing device is the other communicator.

FIG. 9 is a block diagram showing a configuration example of a communication system according to the fourth embodiment of the present invention. The same parts as those in FIGS. Here, only different parts will be described.

In this communication system, a communication device 91A and a communication device 91B are connected via a communication path 92. As the communication path 92, various forms such as a LAN and the Internet can be considered.

Each of the communication devices 91A and 91B has the same configuration except that one is a sender and the other is a receiver. That is, the plaintext division unit 93, the divided block length delivery unit 94, and the communication processing unit 95 are provided to the encryption / decryption device 1 of FIG.
Is added.

The plaintext dividing section 93 divides the plaintext to be transmitted into blocks of irregular length and encrypts the block in units of small blocks. In addition to the input to the unit 14, the length of each block is transferred to the block length designation unit 16 and the divided block length transfer unit 94. Note that the block obtained by dividing the plain text here is referred to as a divided block hereinafter to distinguish it from a small block and its block length, and the block length of the divided block is referred to as a divided block length. Note that the block length multiplied by the number of chains is the divided block length.

The division block length transfer section 94 transfers information on each division block length from the communication device 91A to the communication device 91B by, for example, encrypting the information, or secretly transfers the information in the reverse direction. Further, the key used by the encryption / decryption processing unit 2 of both communication devices 91A and 91B is also shared.

Next, the operation of the communication system according to the present embodiment configured as described above will be described. First,
In the communication device 91A on the transmitting side, a plaintext 96 to be encrypted and communicated is divided by the plaintext dividing unit 93 into divided blocks 97 having unequal lengths, and the encryption / decryption processing unit 2 capable of processing a variable-length block outputs a secret key. Is used to encrypt each block. The small block length and the number of chains for this encryption are calculated from the divided block length in the block length designation unit 16. In the present embodiment, the block length of the small block is fixed at 1 byte.

The ciphertext 98 created in this way is transmitted via the communication path 92. It is necessary for the sender and receiver of the encrypted communication to discuss in advance how the plaintext should be divided, but this is performed in advance by the processing between the divided block length delivery units 94 as the divided block length information. .

Next, in the communication device 91B on the receiving side, the received divided block information and the cipher text 98 are decrypted for each divided block 99. At this time, the number of chains of each encrypted divided block 99 is calculated from the divided block length.

After decryption, the same plaintext 96 as the original is restored by connecting the divided blocks 97. As described above, the communication system according to the embodiment of the present invention includes first to first communication systems.
The communication device provided with the third encryption / decryption processing unit 2 and the plaintext division unit 93 and the division block length transfer unit 94 creates an irregularly-divided ciphertext 98 having a divided block length, performs cipher communication, and performs the encrypted block length. Is transmitted and received as confidential information between the communication devices, so that the same effects as those of the first to third embodiments can be obtained. Secret communication can be performed more securely.

This is very similar to the normal encrypted communication, but since the block length of the block to be encrypted is variable, even if a malicious third party eavesdrops on the communication path 92, the block division is not performed. It is impossible to decipher because you do not know. (Fifth Embodiment of the Invention) This embodiment is an improvement of the method of dividing a plaintext into divided blocks in the plaintext dividing unit in the fourth embodiment.

FIG. 10 is a block diagram showing an example of the configuration of a plaintext division unit in a communication system according to the fifth embodiment of the present invention. Here, only the different parts will be described.

The communication system of this embodiment has the same configuration as that of the fourth embodiment except that the configuration of the plaintext division unit 93 in each of the communication devices 91A and 91B is changed. The plaintext division unit 93 includes a seed storage unit 101, a random number generator 102, and a division processing unit 103.

The seed storage section 101 stores a seed.
The random number generator 102 generates a random number based on the seed extracted from the seed storage unit 101 and outputs the generated random number to the block length designation unit 16 and the division processing unit 103 of the encryption / decryption processing unit 2 as a division block length.

The division processing unit 103 divides the plain text according to the division block length obtained from the random number generator 102, and outputs the divided plain block to the small block cutout editing unit 14. Next, the operation of the data processing device according to the present embodiment configured as described above will be described.

First, the seed is the basis for calculating the divided block length, and is notified to the communication partner by a seed sharing means (not shown). This seed sharing means may be an encrypted communication means like the divided block length delivery unit 94 in FIG. 9, or may be a delivery using a recording medium not via the communication path 92. Therefore, in the case of the present embodiment, it is not necessary to directly transfer the divided block length between the communication devices.

Next, the seed owned by the sender becomes the initial value, and the random number generator 102 outputs a random number. This generated random number is further converted by the same random number generator 102 into a value that can be used for the divided block length and output.

The plaintext is sequentially divided by the division block length obtained by the random number generator 102 in the division processing unit 103 and input to the encryption / decryption processing unit 2. On the other hand, the divided block length itself is also input to the encryption / decryption processing unit 2 and used for calculating the number of chains.

The following operation is the same as in the fourth embodiment. As described above, the communication system according to the embodiment of the present invention has the same configuration as that of the fourth embodiment, and also calculates the divided block length by generating a random number based on a seed. In addition to the same effects as in the embodiment, a variable divided block length is determined by a random number, so that it is possible to further make it difficult to distinguish the divided blocks of the ciphertext.

Therefore, even if the communication path 92 is eavesdropped and the ciphertext is obtained by another person, the delimitation of the block is not known and the code cannot be decrypted. The method described in the embodiment may be a program (software means) that can be executed by a computer (computer), for example, a magnetic disk (floppy disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), semiconductor It can also be stored in a storage medium such as a memory or transmitted and distributed via a communication medium. The program stored on the medium side includes a setting program for causing the computer to execute software means (including not only an execution program but also a table and a data structure) to be executed in the computer. A computer that realizes the present apparatus reads a program recorded in a storage medium, and in some cases, constructs software means by using a setting program, and executes the above-described processing by controlling the operation of the software means.

[0114]

As described above in detail, according to the present invention, the entire block to be encrypted is further divided into small blocks and the blocks are encrypted while being chained and interacting with each other. Data processing apparatus and communication system capable of increasing transmission efficiency while preventing a decrease in security due to a short block length even when the length is short, and capable of performing Feistel encryption In addition, a recording medium can be provided.

Further, according to the present invention, there is provided a data processing apparatus, a communication system, and a recording medium in which the number of chains or the length of a small block is made variable so that the block length itself to be encrypted can be made variable. can do.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration example of a data processing device according to a first embodiment of the present invention.

FIG. 2 is a view showing a specific configuration example of a data agitating unit in the embodiment.

3 is a diagram in which one adjacent row of an odd-numbered row and an even-numbered row is extracted from the configuration of FIG. 2;

FIG. 4 is a diagram schematically showing an example of a form in a Feistel block cipher.

FIG. 5 is a diagram showing only the j-th stage (j is an odd number) of the encryption processing extracted from FIG. 2;

FIG. 6 is a diagram showing an example of a circuit equivalent to the encryption circuit of FIG. 2;

FIG. 7 is a block diagram showing an example of a partial configuration of a data agitation unit in a data processing device according to a second embodiment of the present invention.

FIG. 8 is a block diagram showing a parallel processing part in a data processing device according to a third embodiment of the present invention.

FIG. 9 is a block diagram showing a configuration example of a communication system according to a fourth embodiment of the present invention.

FIG. 10 is a block diagram showing a configuration example of a plaintext division unit in a communication system according to a fifth embodiment of the present invention.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 ... Encryption / decryption device 2 ... Encryption / decryption processing unit 3 ... Plaintext file 4 ... Ciphertext file 5 ... Key file 11 ... Data agitation unit 12 ... Key conversion unit 13 ... Initial value generation unit 14 ... Small block cutout editing unit 15 ... Small block cutout editing section 16 Block length specifying section 17 Odd block processing section 18 Even block processing section 21 Plaintext 22 Small block 23 Odd block 24 Even block 25 Ciphertext 26 Small block 27 Odd number Block 28: Even block 41, 44, 45, 48, 48 ... Input 51 ... Initial value 54 ... Calculation 55, 56 ... Calculation 62 ... Odd part 63 ... Even part 81, 81a, 81b ... Dotted circle 91A, 91B ... Communication Device 92 Communication channel 93 Plaintext division unit 94 Divided block length delivery unit 95 Communication processing unit 96 Plaintext 97, 99 Divided block 98 Dark Statement 101 ... seed storage unit 102 ... random number generator 103 ... division processing section F ... function G ... function K, K1, K2 ,. . , Km ... expanded key P ... conversion

Claims (14)

[Claims] 1. A data processing device that divides a plaintext or ciphertext into two or more small blocks, performs data processing in units of the small blocks to form new small blocks, and thereby performs an encryption process or a decryption process. Conversion means for converting a small block by a key, interaction means for causing the small block converted by the conversion means to interact with another small block, and chain means for linking the small block with another small block. A data processing device comprising: 2. The method according to claim 1, wherein the plaintext or the ciphertext is divided into two or more small blocks sequentially from the beginning of the plaintext or the ciphertext, and an odd-numbered small block from the beginning and data processing are performed. The succeeding small block is an odd-numbered column small block, and the even-numbered small block from the beginning and the succeeding small block that has undergone data processing are an even-numbered small block. 2. The data processing apparatus according to claim 1, wherein the small block and the even-numbered small block interact with each other, and the chaining unit links odd-numbered columns or even-numbered columns. 3. The data processing device according to claim 2, wherein the direction of the chain is a sequential direction of the columns, and the conversion unit is provided at least one stage corresponding to each of the odd columns. . 4. The data processing apparatus according to claim 3, wherein the number of stages of said conversion means is reduced in a column portion where the number of columns of said odd-numbered column and said even-numbered column is large. 5. The data processing apparatus according to claim 3, wherein the direction of the chain is switched from the sequential direction of the columns to the reverse direction when the number of stages becomes a predetermined condition. 6. The processing according to claim 3, wherein the processing of the conversion units other than the conversion units that generate a dependency due to the processing of the interaction unit or the chaining unit is performed in parallel. A data processing device according to claim 1. 7. The data processing apparatus according to claim 2, wherein a length of the small block and / or a number of the small blocks to be chained can be changed. 8. A communication system for performing encrypted communication between communication devices using the data processing device according to any one of claims 2 to 6, wherein the communication device is determined by the length of the small block and the number of small blocks to be chained. A communication system wherein a block length is used as a secret shared by a transmitting side and a transmitting side. 9. The communication system according to claim 8, wherein said block length is variable for each block. 10. The communication system according to claim 9, further comprising a random number generator that determines the variable block length based on a seed shared by the transmitting and receiving sides. 11. The communication system according to claim 8, wherein a timing of switching the direction of the chain is set as a secret shared by a transmitting side and a transmitting side. 12. Control of a data processing device that divides a plaintext or ciphertext into two or more small blocks and performs data processing on a small block basis to form a new small block, thereby performing encryption processing or decryption processing. A conversion means for converting a small block by a key; an interaction means for causing the small block converted by the conversion means to interact with another small block; and a chain for linking the small block with another small block. A computer-readable recording medium on which a program for causing a computer to function as means is recorded. 13. The division of the plaintext or the ciphertext into two or more small blocks is performed by sequentially dividing the plaintext or the ciphertext from the head and receiving an odd-numbered small block from the head and data processing. The succeeding small block is an odd-numbered column small block, and the even-numbered small block from the beginning and the succeeding small block that has undergone data processing are an even-numbered small block. 13. The recording medium according to claim 12, wherein the small block and the even-numbered small block interact with each other, and the chaining unit links odd-numbered columns or even-numbered columns. 14. The direction of the chain is a sequential direction of columns.
The conversion means is provided in one or more stages corresponding to each of the odd columns, and is provided with means for changing the length of the small blocks and / or the number of chained small blocks. Item 14. The recording medium according to Item 13.